07-25-2019 11:22 AM
Hi All,
I have a customer that connects their ISE deployment to their main Active Directory Domain. They are seeing traffic from a PSN to a secondary Active Directory domain that has a one-way trust with the main Active Directory domain.
Is there any reason there would be traffic to the secondary domain if it's not specified in the config? The secondary domain is not listed in the secondary domains for the ISE deployment.
Appreciate any guidance.
Thanks,
Rob
07-26-2019 06:58 AM
Such traffic is for AD domain and forest discovery.
07-26-2019 07:48 AM
Thanks for the reply. So, if there was no trust between the two domains, would we still see that discovery?
Thanks,
Rob
07-27-2019 04:54 PM
Yes.
07-29-2019 12:39 PM
Thanks for the assistance. Do we have any documentation to show this behavior? The customer will need to provide some info to other team members.
Thanks,
Rob
07-29-2019 09:04 PM
I suggest going through the Cisco Live session BRKSEC-2132, which has information about discovery!
Thanks,
Nidhi
07-30-2019 06:25 AM
Thanks so much for the info!